SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cisco AnyConnect Secure Mobility Client Vendors:   Cisco
Cisco AnyConnect Secure Mobility Client Input Validation Flaw Lets Remote Servers Activate the Authentication Form on the Client
SecurityTracker Alert ID:  1031540
SecurityTracker URL:  http://securitytracker.com/id/1031540
CVE Reference:   CVE-2014-3314   (Links to External Site)
Date:  Jan 15 2015
Impact:   Modification of system information
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco AnyConnect Secure Mobility Client. A remote user can cause the authentication form to be displayed to potentially capture user credentials.

A remote server can cause the connected client to display an authentication form, allowing the remote user to potentially capture valid user credentials.

Cisco has assigned bug IDs CSCuo24931 and CSCuo24940 to this vulnerability.

Impact:   A remote user can cause the authentication form to be displayed to potentially capture user credentials.
Solution:   No solution was available at the time of this entry.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3314 (Links to External Site)
Cause:   Input validation error
Underlying OS:  Android, UNIX (macOS/OS X)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC